You're right, the client code doesn't seem to verify certificates, making TLS mostly pointless. However, traffic between prayer/prayer- session, prayer-accountd, and the backend LDAP server typically is over the loopback interface or at least a trusted LAN, not over the public Internet, making the impact low. I'll see what I can do though.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1374731 Title: X509 certificate verification problem To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/prayer/+bug/1374731/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs